General Availability of Azure Backup vaulted support for Azure Files Premium (SSD) shares
Whether you're an enterprise IT administrator or a cloud-native developer, ensuring data protection and resiliency is non-negotiable, especially when running mission-critical workload on Azure Files Premium (SSD) shares. We’re thrilled to announce the General Availability of vaulted backup support with Azure Backup for Azure Files Premium (SSD) shares. This new capability brings enterprise-grade data protection to production scale workloads running on Azure Files SSD. IT professionals and decision-makers can now leverage Azure Backup to safeguard SSD premium file shares with the same ease and robustness previously available for standard (HDD) shares, closing a key gap in Azure’s data protection offerings. This release of Azure Backup introduces support for Premium SMB file shares, providing immutable and offsite backups designed to defend against ransomware, accidental deletion, and regional outages. This solution offers long-term retention, granular restores, and geo-redundant storage vault for cross region backup and restore, all of which can be centrally managed via Azure Backup. Some customers have utilized this capability since its preview. Below is a statement from Swisscom regarding this integration. Implementing Azure Backup for our premium file shares has significantly enhanced our data protection strategy. With nearly 7 TB of critical data securely backed up, we now have peace of mind knowing our information is resilient against accidental deletion and ransomware threats. The seamless integration and scalability of Azure Backup make it an essential part of our cloud infrastructure. --Swisscom Azure Backup capabilities enabled for Premium File share Cross-Region Recovery for Resilience Across Azure Regions One of the standout features of using Azure Backup with a Recovery Services vault is the ability to leverage Geo-Redundant Storage (GRS) for your backups. Cross-Region Recovery refers to the capability to restore your data in an alternate Azure region if the primary region becomes unavailable. This is an essential part of disaster recovery planning, especially for scenarios like region-wide outages or natural disasters Built-In Resiliency with 3-2-1 Backup Rule Azure Backup’s approach to protecting Premium Files inherently aligns with the industry-standard “3-2-1” backup rule, a best practice for ensuring data durability and recoverability. By configuring a Geo-Redundant Storage (GRS) vault, Azure Backup ensures, 3 copies of your data are maintained and stored across 2 different types of storage locations with at least 1 copy offsite, in a remote Azure region Security, Ransomware Protection, and Compliance Imagine an organization’s file share is hit with ransomware, with Azure Backup you have an untouched copy in the recovery services vault isolated from primary and snapshots in case malware dint delete them. In such a scenario, Azure Backup enables you to restore the last clean recovery point of the file share (either overriding the share or to a new location for analysis), and resume operations without paying any ransom. This has saved organizations millions of dollars and is a fundamental pillar of a good cyber recovery strategy Let’s now look at few scenarios where this integration may be applied. Profile data storage in VDI setups Azure Files SSD (Premium) is the recommended storage backend for FSLogix profiles in Azure Virtual Desktop (AVD), Citrix, and VMware Horizon environments. It enables persistent user profile storage and supports dynamic application delivery via App Attach. Vaulted backups ensure profile data is protected against accidental deletion and ransomware threats Application Storage Premium SMB shares are used to support Windows-based applications such as SQL Server, ERP systems, and custom line-of-business apps that rely on Win32 or .NET file system APIs. Azure Backup provides secure, off-site protection for these critical workload Cloud-Native Workloads Customers migrating from legacy NAS solutions to Azure Files benefit from cloud-native storage with built-in backup and DR capabilities. This is especially valuable for SMB workloads running in containerized environments like Azure Kubernetes Service (AKS) Hybrid Scenarios with Azure File Sync Azure File Sync enables caching and syncing between on-premises servers and cloud shares. Vaulted backups extend protection to such hybrid environments, ensuring data durability and compliance across distributed infrastructures Getting started Here are three simple steps to help you get started with configuring vaulted backup for Azure File shares: Create a Recovery services vault: A vault is a management entity that stores backups and allows you to access and manage them. Create a backup policy: Backup policy enables you to configure the frequency and retention of backups based on your business requirements. Select the storage account and File shares to backup: You can choose to back up all File shares or select specific File shares from the selected storage account depending on the criticality of the data they contain. Go ahead and select vault tier in your backup policy to improve the security posture of Azure Files data in these regions with a native, managed and secure offsite backup solution, strengthening business continuity and disaster recovery strategy for mission critical applications. Learn more about vaulted backup for Azure file share here. Resources for further reading Azure Files documentation | Microsoft Learn, secure, and serverless enterprise-grade cloud file shares. Azure Files Backup Overview: “About Azure Files backup – Azure Backup” – explains the architecture, benefits, and costs in detail Backup Support Matrix: Lists supported scenarios and limits for Azure Files backup. Azure Backup pricing– for the latest costs of protected instances and storage, and the Azure Pricing Calculator for scenario-based estimates
Mine your Azure backup data, it could save you 💰💡
Your data has a story to tell. Mine it, decipher it, and turn it into actionable outcomes. 📊🔍 Azure backups can become orphaned in several ways (I'll dive into that in a future post). But here’s a key point: orphaned doesn’t always mean useless, hence the word “Potential” in the title of my Power BI report. Each workload needs to be assessed individually. If a backup is no longer needed, you might be paying for it - unnecessarily and unknowingly. 🕵️♂️💸 To uncover these hidden costs, I combined data from the Azure Business Continuity Center with a PowerShell script I wrote to extract LastBackupTime and other metadata. This forms the foundation of my report, helping visualize and track backup usage over time. This approach helped me identify forgotten one-time backups, VMs deleted without stopping the backup, workloads excluded due to policy changes, and backups left behind after resource migrations. If you delete unneeded backups and have soft-delete enabled, the backup size drops to zero and Azure stops charging for it. ✅🧹 💡 Do your Azure backups have their own untold story to tell? 📸 Here's a snapshot of my report that helped me uncover these insights 👇Azure Storage
You've asked for something about Azure Storage, and there's a wealth of information both from your own work and from trusted external sources. Here's a tailored overview that blends your contributions with broader context: 🔹 What Is Azure Storage? Azure Storage [1] is Microsoft’s cloud-based solution for storing modern data workloads. It offers: High availability and durability through redundancy and geo-replication. Massive scalability to support everything from small apps to enterprise-scale systems. Security with built-in encryption and fine-grained access control. Global accessibility via REST APIs, SDKs, Azure CLI, and Azure Storage Explorer. Azure Storage supports multiple data services: Azure Blob Storage: For unstructured data like images, videos, and backups. Azure Files: Managed file shares accessible via SMB or NFS. Azure Queues: For message-based communication between components. Azure Tables: A NoSQL store for structured data. Azure Disks: Persistent block storage for Azure VMs. Azure Elastic SAN and Azure Container Storage: For advanced storage orchestration and container-native workloads. 🔹 Your Contributions on Azure Storage You've made significant contributions to the Azure community, especially through your blog and event series: In your MVP Contributions tracker, you’ve documented multiple sessions and blog posts covering: Types of Azure Storage (e.g., Blob, File, Queue, Table) [2] Cost optimization strategies for Azure Storage [2] Azure Files and file sharing capabilities [2] Your presentation A COMPREHENSIVE GUIDE TO AZURE COST MANAGEMENT dives into how Azure Storage fits into broader cloud cost strategies, emphasizing budget control, resource allocation, and ROI [3]. 🔹 Practical Use Cases Azure Storage is ideal for: Backup and disaster recovery with geo-redundant storage. Big data analytics using Data Lake Storage. Web and mobile app content delivery via Blob Storage. Enterprise file sharing with Azure Files. IoT and telemetry ingestion using Queues and Tables. Would you like help turning this into a blog post, presentation, or training module? I can also summarize your past Azure Storage sessions or help you prepare new ones. References [1] Introduction to Azure Storage - Cloud storage on Azure [2] MVP Contributions [3] A COMPREHENSIVE GUIDE TO AZURE COST MANAGEMENT
Enhance Your Data Protection Strategy with Azure Elastic SAN’s Newest Backup Options
As organizations adopt Azure Elastic SAN for scalable high-performance storage, we are pleased to announce the public preview of backup support via Azure Backup and Commvault. These fully managed solutions simplify data protection for Elastic SAN volumes, automating backup scheduling, restore point management, and data recovery. They help safeguard your volumes against data loss scenarios such as accidental deletions, ransomware, and application errors. Both the integration of Azure Backup for Elastic SAN and Commvault’s integration with Elastic SAN are in public preview and available for everyone to use. Both of these integrations are powered by Elastic SAN’s crash-consistent, storage native snapshots. Learn more about Elastic SAN here! Azure Backup Release Highlights The public preview of Azure Backup for Elastic SAN introduces several important capabilities designed to enhance your data protection strategy: Operational Tier Backup with Independent Lifecycle Each backup operation creates a Managed Disk Incremental Snapshot of your Elastic SAN volume. These snapshots are stored in locally redundant storage (LRS) in supported regions and exist independently of the original volume’s lifecycle. This means your backups remain available for recovery even if the original Elastic SAN volume is deleted, ensuring reliable data protection. The Elastic SAN volumes can be restored from these managed disk snapshots that are backed up by Azure Backup. Vaulting, immutability, and other capabilities are on the roadmap and will be incorporated into subsequent releases. Daily Restore Points Azure Backup supports up to 450 restore points with a daily backup schedule. This high number of restore points provides robust short-term retention, allowing you to recover data quickly to any previous state within the retention period. It significantly reduces the risk of data loss due to accidental deletions or other incidents. Retaining backups over 450 days is not available in this preview. Simplified Management Customers pick the number of daily backups that they want to retain, and Azure Backup does the rest including creating new backups and deleting oldest backups to match the retention setting. Configuration and monitoring are integrated with the Azure Business Continuity Center, giving you a unified and streamlined management experience. This automation allows you to focus on your core business activities while Azure handles the complexity of data protection. Important Cost Information During the public preview, the following cost structure applies: The Azure Backup Protected Instance Fee for Elastic SAN volumes is not charged Charges for Managed Disk Incremental Snapshots in the operational tier apply at standard Azure rates. The first snapshot that is exported will be a full snapshot. In summary, Azure Backup for Elastic SAN delivers a powerful and comprehensive backup solution. With features such as independent lifecycle backups, high-frequency restore points, and simplified management, you can confidently protect your Elastic SAN volumes from a range of data loss scenarios. Try this new capability to experience enhanced data protection for your workloads. Commvault Release Highlights Protecting Azure Elastic SAN Volumes with Commvault Our partners at Commvault continue to deliver meaningful innovation through deep integration with Microsoft Azure. In the below writeup, Commvault showcases how Azure Elastic SAN volumes are now protected within Commvault’s platform—bringing unified, enterprise-grade protection to performance intensive Elastic SAN workloads. If you're exploring scalable, resilient cloud storage with built-in data protection, this is a valuable read. Here are highlights from Commvault on their added support for Elastic SAN protection Thanks to a close partnership between Commvault and Microsoft, organizations can now take advantage of robust backup and recovery for Azure Elastic SAN storage. This deep integration means you benefit from the trusted protection and unified management of Commvault’s platform, now extended to Azure’s high-performance, scalable Elastic SAN solution. As a result, you can easily safeguard your mission-critical workloads in the cloud while enjoying the flexibility, centralized management, and resilience that Elastic SAN provides. Designed for Scalable, Resilient Cloud Environments With Commvault’s integration, organizations can protect Azure Elastic SAN volumes attached to Azure virtual machines (VMs) using the same trusted platform they rely on for comprehensive data protection for many other Azure resources. Key capabilities include: Snapshot-based protection:IntelliSnap support enables rapid, low-impact backups that minimize performance impact on production systems. The number of snapshots that can be retained is configurable based on your storage plan. Commvault offers a day-based retention plan that defaults to 30 days but can be extended indefinitely. Alternatively, you can retain Elastic SAN snapshots based on a snapshot count as well. Flexible recovery options: Full-VM and attach-disk restores are supported, including cross-region backups and restores. In cross-region restores, Elastic SAN volumes are automatically restored as managed disks. Broad platform compatibility: Both Windows- and Linux-based VMs are supported. Elastic SAN volume discovery requires PowerShell on Windows or Python 3 on Linux. Deployment and Configuration Considerations For optimal performance and streamlined protection workflows, enterprises should consider the following implementation guidance linked below. App-consistent restore points for Elastic SAN volumes are not currently supported. Attach-disk restores to a VM will result in managed disks regardless of source (primary or secondary copy). ESAN volumes will need to be connected to the VM via iSCSI. Accelerate Cloud Confidence with Commvault Azure Elastic SAN represents a significant advancement in cloud storage architecture. With Commvault’s integrated protection, enterprises can deploy this powerful capability to help make sure their data remains secure, recoverable, and compliant. To learn more about protecting Azure workloads – including Elastic SAN – contact your Commvault account team or visit our Azure protection documentation. The requirements for using this integration can be found here. Conclusion The Azure Elastic SAN team is committed to supporting your backup needs and giving you peace of mind as you run workloads on Azure. With both Azure Backup and Commvault integrations, you have flexible options designed for different scenarios: Azure Backup is best suited for Azure-native, single volume snapshots, offering a 450-day retention period, seamless integration, and simplicity within the Azure ecosystem. Commvault, on the other hand, excels at providing backups for multiple volumes attached to the same VM, as well as advanced enterprise features like granular recovery, an indefinite retention period and robust retention management. If you have any questions about which solution is right for you, please contact us at AzElasticSAN-Ex@microsoft.com —we’re happy to help.AZ-500: Microsoft Azure Security Technologies Study Guide
The AZ-500 certification provides professionals with the skills and knowledge needed to secure Azure infrastructure, services, and data. The exam covers identity and access management, data protection, platform security, and governance in Azure. Learners can prepare for the exam with Microsoft's self-paced curriculum, instructor-led course, and documentation. The certification measures the learner’s knowledge of managing, monitoring, and implementing security for resources in Azure, multi-cloud, and hybrid environments. Azure Firewall, Key Vault, and Azure Active Directory are some of the topics covered in the exam.
Scaling Smart with Azure: Architecture That Works
Hi Tech Community! I’m Zainab, currently based in Abu Dhabi and serving as Vice President of Finance & HR at Hoddz Trends LLC a global tech solutions company headquartered in Arkansas, USA. While I lead on strategy, people, and financials, I also roll up my sleeves when it comes to tech innovation. In this discussion, I want to explore the real-world challenges of scaling systems with Microsoft Azure. From choosing the right architecture to optimizing performance and cost, I’ll be sharing insights drawn from experience and I’d love to hear yours too. Whether you're building from scratch, migrating legacy systems, or refining deployments, let’s talk about what actually works.Comparision on Azure Cloud Sync and Traditional Entra connect Sync.
Introduction In the evolving landscape of identity management, organizations face a critical decision when integrating their on-premises Active Directory (AD) with Microsoft Entra ID (formerly Azure AD). Two primary tools are available for this synchronization: Traditional Entra Connect Sync (formerly Azure AD Connect) Azure Cloud Sync While both serve the same fundamental purpose, bridging on-prem AD with cloud identity, they differ significantly in architecture, capabilities, and ideal use cases. Architecture & Setup Entra Connect Sync is a heavyweight solution. It installs a full synchronization engine on a Windows Server, often backed by SQL Server. This setup gives administrators deep control over sync rules, attribute flows, and filtering. Azure Cloud Sync, on the other hand, is lightweight. It uses a cloud-managed agent installed on-premises, removing the need for SQL Server or complex infrastructure. The agent communicates with Microsoft Entra ID, and most configurations are handled in the cloud portal. For organizations with complex hybrid setups (e.g., Exchange hybrid, device management), is Cloud Sync too limited?What Nonprofits Need to Know About Cloud Storage Redundancy
At the heart of this post is Kairos IMS, an innovative Impact Management System designed to empower human-serving nonprofits and social impact organizations. Co-developed by the Urban League of Broward County and our trusted technology partner, Impactful, Kairos IMS reduces administrative burdens, enhances holistic care, and enables organizations to leverage data for increased agility and seamless service delivery. In this blog series, we’ll take a closer look at the powerful technologies that fuel Kairos IMS, from Azure services to security frameworks, offering insight into how modern infrastructure supports mission-driven impact. Click here to learn more. What Is Azure Storage Redundancy? Azure storage redundancy refers to how your data is copied and stored across multiple physical locations to keep it safe and accessible—even if hardware fails or a data center goes offline. Think of it as creating backup copies in real-time, so if one server goes down, another one picks up right where it left off. Azure offers several redundancy options, each with a different level of protection and cost: Locally Redundant Storage (LRS): Data is replicated three times within a single data center. Great for budget-conscious orgs. Cheapest option. Zone-Redundant Storage (ZRS): Data is stored across three different availability zones in the same region. Offers higher resilience. Mid-tier pricing. Geo-Redundant Storage (GRS): Data is copied to a secondary region hundreds of miles away. Ideal for disaster recovery. Higher cost. Read-Access Geo-Redundant Storage (RA-GRS): Like GRS, but you can read from the secondary region even if the primary one is down. Why Redundancy Matters for Nonprofits Nonprofits are often targets of cyberattacks and also operate in environments where internet outages or power failures can occur. Redundancy ensures that: You don’t lose important grant or donor data. Services like SharePoint or hosted databases stay online. You can continue serving your community even in unexpected situations. Using Your $2,000 in Azure Credits Wisely Microsoft offers approved nonprofits $2,000 in Azure credits each year through its Microsoft for Nonprofits program. Here’s how you can use those credits for storage redundancy: Start small with LRS or ZRS for frequently used files or backups. Use GRS for mission-critical data like financial or compliance documents. Back up virtual machines or databases with geo-redundancy for restore-anywhere capabilities. Pair with Azure Backup or Site Recovery for additional resilience. Tip: Monitor your credit usage in the Azure Cost Management and Billing dashboard so you don’t overspend. Getting Started If your nonprofit already has an Azure subscription through Microsoft's grant, you're ready to go! Here’s what to do next: Log into the Azure portal with admin credentials. Navigate to Storage Accounts > + Create. Choose your region and desired redundancy level. Configure Advanced, Networking, Data protection, Encryption, and Tag settings and then select Review + create to go over your configuration. Select Create to make your storage account. Start uploading files or connecting services like Microsoft 365 or backup tools. If you’re unsure which redundancy level is right for your nonprofit, a good starting point is to use LRS for general storage and reserve GRS for the most critical data. Storage redundancy isn’t just a technical term—it’s peace of mind. With Azure and your nonprofit credits, you can build a more resilient and secure digital foundation without spending out of pocket. Not sure how to get started? Microsoft has nonprofit partners and tech support that can help you make the most of your credits. Your mission is too important to risk downtime—let’s make sure your data is always safe and accessible.Protect Azure Data Lake Storage with Vaulted Backups
We are thrilled to announce a limited public preview of vaulted backups for Azure Data Lake Storage. This is available now for test workloads and we’d like to get your feedback. Vaults are secure, encrypted copies of your data, enabling restoration to an alternate location in cases of accidental or malicious deletion. Vaulted backups are fully isolated from the source data, ensuring continuity for your business operations even in scenarios where the source data is compromised. This fully managed solution leverages the Azure Backup service to manage backups with automated retention and scheduling. By creating a backup policy, you can define a backup schedule and retention period. Based on this policy, Azure Backup service generates recovery points and manages the lifecycle of backups seamlessly. Ways vaulted backups protect your data: Isolation from Production Data – Vaulted backups are stored in a separate, Microsoft-managed tenant, preventing attackers from accessing both primary and backup data. Strict Access Controls – Backup management requires distinct permissions, ensuring segregation of duties and reducing insider threats. Advanced Security Features – With features like soft delete, immutability, and encryption, vaulted backups safeguard data against unauthorized modifications and premature deletions. Even if attackers compromise the primary storage account, backups remain secure within the vault, preserving data integrity and ensuring compliance. Alternate location recovery - Vaulted backups provide a reliable recovery solution by enabling restoration to an alternate storage account, ensuring business continuity even when the original account is inaccessible. Additionally, this capability allows organizations to create separate data copies for purposes such as testing, development, or analytics, without disrupting production environments. Granular recovery - With vaulted backups, you can restore the entire storage account or specific containers based on your needs. You can also use prefix matching to recover select blobs. With the growing frequency and sophistication of cyberattacks, protecting your data against loss or corruption is more critical than ever. Consider the following example use case where having vaulted backups can save the day. Enhanced Protection Against Ransomware Attacks Ransomware attacks can encrypt critical data, complicating recovery unless a ransom is paid. Vaulted backups offer an independent and secure recovery solution, allowing you to restore data without succumbing to attackers' demands. Accidental or Malicious Storage Account Deletion Human errors, insider threats, or compromised credentials can result in the deletion of entire storage accounts. Vaulted backups provide a crucial layer of protection by storing backups in Microsoft-managed storage, independent of your primary storage account. This ensures that an additional copy of your data remains intact, even if the original storage account is accidentally or maliciously deleted. Compliance Regulations Certain industries mandate offsite backups and long-term data retention to meet regulatory standards. Vaulted backups enable organizations to comply by offering offsite backup storage within the same Azure region as the primary storage account. With vaulted backups, data can be retained for up to 10 years. Getting started To enroll in the preview fill out this form. For more details, refer to this article. Vaulted backups can be configured for block blobs within HNS-enabled, standard general-purpose v2 ADLS storage accounts in specified regions here. Support for additional regions will be added incrementally. Currently, this preview is recommended exclusively for testing purposes. The Azure Backup protected instance fee and the vault backup storage fees are not currently charged. Now is a great time to give vaulted backups a try! Contact us If you have questions or feedback, please reach out to us at AskAzureBackupTeam@microsoft.com.
